npm package-lock.json

Mads Kiilerich mads at kiilerich.com
Sat Sep 7 20:56:20 UTC 2019


On 9/4/19 9:14 PM, Thomas De Schampheleire wrote:
> The recommendation is thus to commit this file to the repository, but
> I assume it also means we should keep it up-to-date frequently for
> bugfixes.


We already lock package.json at specific versions, so I guess we could 
just as well also pin all dependencies.

Alternatively, we could leave package.json with more open ranges, 
similar to how we handle pip dependencies.

But let's just keep it simple, commit the lock, and specify which 
version we use and test.

/Mads


